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Summary 

By completing this module, you should now hove a 
basic understanding of how to navigate through this 
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Building Carrier Relationships 

SBIT's training of FBI personnel includes: 

• Connectivity Issues with service providers 

• Interpretation of information the DCS 3000 provides 

« Sensitized to ffti policies and procedures in regards to 


service provider relationships 
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If you want to see the DCS 3000 equipment for your 
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Our research and development effort, which enables us to be on pace with technology In today’s world, will slow. 
Plans of redundancy for the DCS 3000 system will have to be put on hold. 


Telecommunications Intercept and Collection Technology Unit (TICTU) 
Electronic Surveillance Technology Section 
Operational Technology Division 
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DCS6000 VoiceBox 111 (VBlll) Full System Architectural Overview (Quantity of each type of of sub- 
system within the architecture will vary as determined by need and scope of assigned office) Note: 
DCS3000 is outside of the accreditation boundary for this system. 



DCSNET & 
DCS3000 



Legend : 

RWS Recording Workstation 
AWS Audio Workstation 
CD-R Compact Disk Recorder 
CRPB Courtroom Playback 

iNote : The server is assigned a 
specific IP address and the 
remaining workstations IPs are 
assigned according to DHCP 
(Dynamic Host Configuration 
Protocol).] 
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VoiceBox III (VBIII) Small System Architectural Overview (Quantity of each type of sub-system within 
the architecture will vary as determined by need and scope of assigned office) Note: 
is outside of the accreditation boundary for this system. 



j Note; System with 4 AWS systems or less will work with the VBSVR and RWS 

DCSNET& 

DCS3000 

RWS Recording Workstation 

AWS Audio Workstation 
CD-R Compact Disk Recorder 
CRPB Courtroom Playback 

[Note : The server is assigned a specific IP address and the remaining workstations IPs 
are assigned according to DHCP (Dynamic Host Configuration Protocol).] 


combined on a single server. When more than 4 AWS systems are used then the VBSVR 
and RWS functions are split between two server systems. 
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3.6 Interconnection Interface Description 

O This system does not connect with any other system. 


n This system connects with the folbwing network(s) or system(s); 



3.6.1. 1 Connectivity Management Procedures 



3.6.1. 2 Interconnection 

DCS3000 

The DCS6000 connects to the DCS3000 via DCSNet in order to obtain the outputs of that 
unified system | |communications, PIN data, and Anti-Vir us updates.) Although both 

systems are unciassinea, this connection is guarded by a | T firewall for security 

purposes. The configuration of the firewall is discussed later in this document. Please refer to 
Appendix C - DCS6000 Design Diagrams for additional data on this connection. The 
DCS6000 requests PI N data from th e DCS3000 a nd is pushed the data as it bec omes available. 
The DCS6000 obtain s I data from the | |via UDP traffic 

only. The DCS6000 receives anti-virus updates from a Known l ocatio n witnin tne DCS3000 
network. This transaction is detailed later in this document. Th ei I firewall is configured to 
only allow these forms of traffic, and ICMP to pass. Additionally, only the Recording 
Workstations within the system receive CALEA data and the VB server receives anti-virus data. 
This connection is not governed by an ISA as they are accredited by the same DAA and 
controlled under the same Management Office. 
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3.6.1 .3 Connectivity Procedures 
DCS3000 

While permanently connected, all traffic between the DCS6000 and DCS3000 is originated by 
requests from the DCS6000 for data concerning specific sessions. The DCS6000 requests PIN 
data concerning specific telephone sessions from the DCS3000. That data is then fonwarded to 
the DCS6000 and c aptured bv the Recording VVorkstations. Additionally the Recording 
Workstations obtain ! b ata from the ! { via UDP traffic only. 

This data is monitored by FBI personnel as it enters the system and combined with voice data 
from the Telephone Service Provider for evidence purposes. 
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3.8 Data Flow Diagram 


DCS6000 Data Flow Diagram 



The DCSSOOOA/oiceBox III is CALEA-compliant and is designed to be integrated with other 
advanced electronic surveillance and post-processing equipment. The FBI may use it as a 
stand-alone system or in conjunction with the DCSNET and DCS3000 CALEA-compliant 
system. 
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telephone pr ovide f I 

i land is buffer ed on the hard drive. At the same time, the buffered signal is streamed 

to an i t hat controls the recording of the buffered signal. In addition to the 

audio provided by the target’s service provider, if this call is CALEA based such as by cell 
phone, all CALEA call data is input into the ! i from the service provider by 

a path configured through the DCSNET and DCS3000 system. This call data will be linked with 
the call content as a call session record in the DCS6000 database. After the targeted call has 
been completed, the audio file of the recorded call is sent to the S erver Workstation and then 
written to evidence and work-copy media in thd l (MO) jukebox. The server then 

sends a message to the | t o remove the buffered file. Additionally, please 

see Appendix B for detailed system diagrams. 


SENSITIVE BUT UNCLASSIFIED 


PG-8 


SENSITIVE BUT UNCLASSIFIED 


DCS3000 communications 

The DC S6000 connec ts to the DCS3000 via DCSNet in order to obtain the outputs of that 
system | land PIN data. Data including such items as end point phone number and 

time of call). Although both systems are unclassified, this connection is guarded by a| 
firew/all for security purposes. The DCS6000 requests PIN data from the DCS3 000 anTis 
pushed the data as it becomes available. The DCS6Q 00 obt ains i | data from the 

( via UDP traffic only. The I ^ rewall is co nfigured to on ly allow 

rom known locations. A dditionally, only the! I 

I ' ^ A/ithin the system receive this data. The | I requ^ts this data 

by identifying specific reference codes of interest much like serial numbers assigned to a 
particular conversation. The DCS3000 fu lfills these reque sts and associates them with the 
unique serial number used in the request. F ~p ata is received via UDP, while PIN 

register data is received via TCP traffic. This data is associated with the session record and a 
digital signature is generated. This connection is not governed by an ISA as they are 
accredited by the same DAA and controlled under the same Management Office. 





